From a3b5f37553d569a5abd9ebcde05ea4c45cc52f50 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 12 Nov 2019 18:15:44 +0000 Subject: [PATCH] options: Fix segfault when multiple --key parameters given. Easily reproducible using: $ guestfish --key dev1:key:key1 --key dev2:key:key2 causing this stack trace (or others depending on where the memory corruption was caught): Program received signal SIGABRT, Aborted. 0x00007ffff7905625 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff7905625 in raise () from /lib64/libc.so.6 #1 0x00007ffff78ee8d9 in abort () from /lib64/libc.so.6 #2 0x00007ffff79494af in __libc_message () from /lib64/libc.so.6 #3 0x00007ffff7950a6c in malloc_printerr () from /lib64/libc.so.6 #4 0x00007ffff79528d0 in _int_free () from /lib64/libc.so.6 #5 0x00005555555bdd6e in free_key_store () #6 0x0000555555589027 in main () (gdb) quit (cherry picked from commit 8c42f772614b44a8cb974afa904ec9f518431ab2 in libguestfs-common) --- common/options/keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/options/keys.c b/common/options/keys.c index 7f689866b..f783066ff 100644 --- a/common/options/keys.c +++ b/common/options/keys.c @@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key) } assert (ks != NULL); - new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1); + new_keys = realloc (ks->keys, + (ks->nr_keys + 1) * sizeof (struct key_store_key)); if (!new_keys) error (EXIT_FAILURE, errno, "realloc"); -- 2.21.0